Frank Crast

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Windows and Samsung vulnerabilities)

The Cybersecurity and Infrastructure Security Agency (CISA) has added seven (7) vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Windows and Samsung vulnerabilities.

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

The Microsoft November 2022 Security Updates includes patches and advisories for 65 vulnerabilities, including 6 zero-days and 10 Critical severity issues.